Description
This module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has full privileges and thus is able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/misc/manageengine_eventlog_analyzer_rcemsf undefined(manageengine_eventlog_analyzer_rce) > show actions ...actions...msf undefined(manageengine_eventlog_analyzer_rce) > set ACTION < action-name >msf undefined(manageengine_eventlog_analyzer_rce) > show options ...show and set options...msf undefined(manageengine_eventlog_analyzer_rce) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub